10740021

Systems and Methods for Recovery of Computing Environments via a Replication Solution

Published: August 11, 2020
Assignee: not available in USPTO data

Patent Claims
20 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 1

Original Legal Text

1. A computer-implemented method for recovery of computing environments via a replication solution, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising: dynamically maintaining a replica of data associated with a protected computing device via a data replication device; obtaining, from a preboot execution environment (PXE) server, a PXE comprising a bootable replication environment for the protected computing device; directing the protected computing device to boot using the bootable replication environment; exposing at least one data storage device associated with the protected computing device to the data replication device via a secure data connection; replicating the replica of data associated with the protected computing device to the data storage device associated with the protected computing device via the bootable replication environment and the secure data connection; maintaining state information, the state information associated with replicating the replica of data associated with the protected computing device; detecting an interruption in replicating the replica of data associated with the protected computing device; and resuming, based on the state information, replicating the replica of data associated with the protected computing device.

Plain English Translation

This invention relates to a computer-implemented method for recovering computing environments using a data replication solution. The method addresses the challenge of efficiently restoring data to a protected computing device, particularly in scenarios where the device may be in a non-operational state or requires recovery from a failure. The solution involves dynamically maintaining a replica of the protected device's data via a data replication device. A preboot execution environment (PXE) server provides a bootable replication environment, which the protected device uses to boot. The method then exposes the protected device's data storage to the replication device through a secure connection, allowing the replica data to be replicated back to the original storage. The process includes maintaining state information to track the replication progress, detecting interruptions, and resuming replication from the last known state. This ensures reliable recovery even if the process is disrupted, minimizing data loss and downtime. The approach leverages a bootable environment to bypass potential system failures, enabling seamless restoration of the computing environment.

Claim 2

Original Legal Text

2. The computer-implemented method of claim 1 , further comprising: hosting, via the bootable replication environment, a hypertext transfer protocol (HTTP) server configured to receive representational state transfer (REST) directives; receiving, via the HTTP server, a REST directive comprising a secure reboot command; and directing, in response to receiving the secure reboot command via the HTTP server, the protected computing device to boot into a bootable operating environment of the protected computing device.

Plain English Translation

This invention relates to secure computing systems and methods for managing device reboots in a protected environment. The technology addresses the challenge of securely rebooting a computing device while maintaining system integrity and protecting sensitive data. The method involves hosting a bootable replication environment that includes an HTTP server capable of receiving REST directives. The HTTP server processes these directives, which may include commands for secure operations. Specifically, the system receives a REST directive containing a secure reboot command via the HTTP server. In response, the system directs the protected computing device to boot into its bootable operating environment, ensuring a controlled and secure reboot process. This approach enhances security by allowing remote management of reboot operations while maintaining the integrity of the computing environment. The method is particularly useful in scenarios where remote administration of secure devices is required, such as in enterprise networks or critical infrastructure systems. The invention ensures that reboot operations are performed in a controlled manner, reducing the risk of unauthorized access or system compromise during the reboot process.
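A minimal version of the directive endpoint that claim 2 describes, written here as an added example; it is not the patent's code or any product's. The claim says only that an HTTP server in the bootable replication environment receives a REST directive carrying a secure reboot command, so the following are assumptions: the directive is authenticated with a bearer token delivered inside the bootable environment, the resource path is `/v1/directives`, the body is JSON, and the reboot is recorded by a stand-in `direct_reboot()` rather than performed. The server listens over plain HTTP on loopback for the demonstration; a deployment would carry this traffic inside the secure data connection of claim 1 or under TLS.

```python
import hmac
import json
import secrets
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed shared secret; a deployment would place it in the bootable
# replication environment next to the authentication information of claim 4.
REBOOT_TOKEN = secrets.token_hex(32)

# The example records reboot requests here instead of performing them.
ACTIONS = []


def direct_reboot(target):
    """Assumed hook into the directing module; here it only records the request."""
    ACTIONS.append(f"reboot:{target}")


class DirectiveHandler(BaseHTTPRequestHandler):
    def log_message(self, *args):  # keep the demonstration quiet
        pass

    def _reply(self, code, body):
        data = json.dumps(body).encode()
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_GET(self):  # directives change state, so GET is refused outright
        self._reply(405, {"error": "use POST"})

    def do_POST(self):
        if self.path != "/v1/directives":
            return self._reply(404, {"error": "unknown resource"})
        auth = self.headers.get("Authorization", "")
        token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
        # Authenticate before parsing the body: unauthenticated input is never interpreted.
        if not hmac.compare_digest(token.encode(), REBOOT_TOKEN.encode()):
            return self._reply(401, {"error": "unauthorized"})
        try:
            length = int(self.headers.get("Content-Length", "0"))
            directive = json.loads(self.rfile.read(length))
        except ValueError:
            return self._reply(400, {"error": "malformed directive"})
        if (not isinstance(directive, dict) or directive.get("command") != "secure_reboot"
                or directive.get("target") != "os"):
            return self._reply(400, {"error": "unsupported directive"})
        direct_reboot(directive["target"])
        self._reply(202, {"status": "rebooting", "target": directive["target"]})


def send_directive(base_url, token, body):
    """Client side of the exchange; returns the HTTP status code."""
    req = urllib.request.Request(
        base_url + "/v1/directives", data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": "Bearer " + token, "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def demo():
    """Run the server on loopback and send three directives: bad token, bad command, good."""
    server = HTTPServer(("127.0.0.1", 0), DirectiveHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_address[1]}"
    try:
        return {
            "bad_token": send_directive(base, "not-the-token",
                                        {"command": "secure_reboot", "target": "os"}),
            "bad_command": send_directive(base, REBOOT_TOKEN, {"command": "noop"}),
            "ok": send_directive(base, REBOOT_TOKEN, {"command": "secure_reboot", "target": "os"}),
            "actions": list(ACTIONS),
        }
    finally:
        server.shutdown()
        server.server_close()
```

The ordering inside `do_POST` is the point of the example: the token is checked with a constant-time comparison before the body is read or parsed, only one explicit command and target are accepted, and GET is rejected so a state-changing operation can never be triggered by a link or a cached request.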

Claim 3

Original Legal Text

3. The computer-implemented method of claim 1 , wherein: the PXE further comprises a set of configuration parameters associated with the data replication device; and exposing the data storage device associated with the protected computing device to the data replication device comprises validating the set of configuration parameters.

Plain English Translation

This invention relates to data replication systems, specifically methods for securely exposing a protected computing device's data storage to a data replication device. The problem addressed is ensuring secure and validated access to protected storage during replication processes, preventing unauthorized or improperly configured access that could compromise data integrity or security. The method involves a Preboot Execution Environment (PXE) that includes configuration parameters tied to the data replication device. When exposing the protected computing device's data storage to the replication device, the system validates these parameters before allowing access. This ensures that only properly configured replication devices can interact with the protected storage, reducing risks of misconfiguration or unauthorized access. The validation process checks the configuration parameters against predefined criteria, such as security policies, compatibility requirements, or authentication credentials. If the parameters meet the criteria, the data storage is exposed; otherwise, access is denied. This approach enhances security by enforcing strict access controls and preventing replication operations from proceeding with invalid or unsafe configurations. The method is particularly useful in environments where data integrity and security are critical, such as enterprise networks or cloud computing systems.

Claim 4

Original Legal Text

4. The computer-implemented method of claim 1 , wherein: the bootable replication environment comprises authentication information associated with the data replication device; and exposing the data storage device associated with the protected computing device to the data replication device comprises establishing the secure data connection between the protected computing device and the data replication device the using the authentication information associated with the data replication device.

Plain English Translation

This invention relates to secure data replication in computing systems, specifically addressing the challenge of safely transferring data between a protected computing device and a data replication device while ensuring authentication and secure communication. The method involves creating a bootable replication environment that includes authentication information tied to the data replication device. When establishing a connection between the protected computing device and the data replication device, this authentication information is used to verify the identity of the replication device before exposing the protected device's data storage. The secure data connection is then established using this authenticated link, ensuring that only authorized devices can access the protected data. This approach enhances security by preventing unauthorized access during the replication process, which is critical for systems handling sensitive or proprietary data. The method ensures that the replication environment is trusted and that the data transfer occurs over a verified, secure channel. This solution is particularly useful in environments where data integrity and security are paramount, such as enterprise networks or systems handling confidential information.

Claim 5

Original Legal Text

5. The computer-implemented method of claim 4 , wherein the authentication information comprises at least one secure socket layer (SSL) public key associated with the data replication device.

Plain English Translation

This invention relates to secure data replication systems, specifically addressing the challenge of verifying the authenticity and integrity of data replication devices in a network. The method involves authenticating a data replication device by validating authentication information associated with the device. The authentication information includes at least one Secure Socket Layer (SSL) public key linked to the data replication device. This SSL public key is used to establish a secure communication channel, ensuring that data transmitted between the device and other network components is encrypted and protected from unauthorized access or tampering. The method may also involve additional authentication steps, such as verifying digital certificates or cryptographic signatures, to further enhance security. By using SSL public keys, the system ensures that only authorized devices can participate in data replication processes, preventing unauthorized devices from intercepting or altering replicated data. This approach is particularly useful in environments where data integrity and confidentiality are critical, such as financial systems, healthcare networks, or enterprise data centers. The method may be implemented as part of a broader data replication framework, where multiple devices and systems interact to ensure reliable and secure data transfer.

Claim 6

Original Legal Text

6. The computer-implemented method of claim 1 , wherein: the state information is further associated with exposing the data storage device associated with the protected computing device to the data replication device; detecting an interruption in exposing the data storage device associated with the protected computing device to the data replication device; and resuming, based on the state information, exposing the data storage device associated with the protected computing device to the data replication device.

Plain English Translation

A method for managing data replication between a protected computing device and a data replication device involves tracking state information to ensure continuous and reliable data transfer. The method addresses the problem of maintaining data replication integrity when interruptions occur, such as network disruptions or device failures, by storing state information that allows the replication process to resume accurately after an interruption. The state information includes details about the data storage device of the protected computing device, enabling the replication device to access and synchronize data. If an interruption is detected during the exposure of the protected device's storage to the replication device, the method uses the stored state information to resume the replication process seamlessly. This ensures that data consistency is maintained without requiring a full resynchronization, improving efficiency and reliability in data replication tasks. The method is particularly useful in environments where uninterrupted data replication is critical, such as backup systems, disaster recovery, and distributed computing.

Claim 7

Original Legal Text

7. The computer-implemented method of claim 6 , wherein the state information comprises at least one of: a default state; a not discovered state that corresponds to an initial state; a validating state that indicates that the bootable replication environment is validating one or more configuration parameters; an available state that indicates that the configuration parameters have been validated; a ready to connect state that indicates that the data storage device associated with the protected computing device has been successfully exposed to the data replication device; a connected state that indicates that the data replication device has successfully connected to the data storage device via the secured data connection; a disconnected state that indicates that the data replication device has successfully disconnected from the protected computing device; and an error state that indicates that an error has occurred.

Plain English Translation

This invention relates to a computer-implemented method for managing the state of a bootable replication environment used in data replication systems. The method addresses the challenge of ensuring secure and reliable data replication between a protected computing device and a data replication device by tracking and managing various operational states of the replication process. The state information includes multiple predefined states that reflect different stages of the replication workflow. These states include a default state, a not discovered state indicating an initial state, a validating state where configuration parameters are being verified, an available state confirming successful validation, a ready to connect state indicating the data storage device is exposed, a connected state confirming a secure connection, a disconnected state indicating a successful disconnection, and an error state signaling a failure. The method dynamically updates these states to provide real-time visibility into the replication process, ensuring proper synchronization and error handling. This approach enhances data integrity and security by maintaining clear state transitions and preventing unauthorized access during replication. The system ensures that only validated configurations proceed to connection and replication phases, reducing risks of data corruption or security breaches.
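The state machine of claim 7 put together with the checkpointed replication and resume of claims 1 and 6, as an added example; this is not the patent's code. The claim lists the states but not the order in which they are entered, so the transition edges below are an assumption; the JSON state file, the block-copy routine, the `interrupted()` detection rule and the sample data are all constructed for the demonstration.

```python
import enum
import filecmp
import json
import os
import tempfile


class ReplState(enum.Enum):
    DEFAULT = "default"
    NOT_DISCOVERED = "not_discovered"
    VALIDATING = "validating"
    AVAILABLE = "available"
    READY_TO_CONNECT = "ready_to_connect"
    CONNECTED = "connected"
    DISCONNECTED = "disconnected"
    ERROR = "error"


# Permitted transitions (assumed; the claim names the states, not the edges).
TRANSITIONS = {
    ReplState.DEFAULT: {ReplState.NOT_DISCOVERED},
    ReplState.NOT_DISCOVERED: {ReplState.VALIDATING},
    ReplState.VALIDATING: {ReplState.AVAILABLE, ReplState.ERROR},
    ReplState.AVAILABLE: {ReplState.READY_TO_CONNECT, ReplState.ERROR},
    ReplState.READY_TO_CONNECT: {ReplState.CONNECTED, ReplState.ERROR},
    ReplState.CONNECTED: {ReplState.DISCONNECTED, ReplState.ERROR},
    ReplState.DISCONNECTED: {ReplState.READY_TO_CONNECT},
    ReplState.ERROR: {ReplState.NOT_DISCOVERED},
}


class ReplicationJob:
    """Keeps the state and the byte offset in a JSON file (constructed format)."""

    def __init__(self, state_path):
        self.state_path = state_path
        self.state, self.offset = ReplState.DEFAULT, 0
        if os.path.exists(state_path):
            with open(state_path) as f:
                saved = json.load(f)
            self.state, self.offset = ReplState(saved["state"]), saved["offset"]

    def _persist(self):
        # Write to a temp file and rename so a crash never leaves a torn state file.
        tmp = self.state_path + ".tmp"
        with open(tmp, "w") as f:
            json.dump({"state": self.state.value, "offset": self.offset}, f)
        os.replace(tmp, self.state_path)

    def transition(self, new_state):
        if new_state not in TRANSITIONS[self.state]:
            old, self.state = self.state, ReplState.ERROR
            self._persist()
            raise RuntimeError(f"illegal transition {old.value} -> {new_state.value}")
        self.state = new_state
        self._persist()

    def interrupted(self, replica_size):
        """CONNECTED with an unfinished offset on load means the previous run died."""
        return self.state is ReplState.CONNECTED and self.offset < replica_size

    def replicate(self, replica_path, target_path, chunk_size=4096, fail_at=None):
        """Copy replica -> target from the saved offset; fail_at simulates a dropped link."""
        if self.state is not ReplState.CONNECTED:
            raise RuntimeError("replicate() requires the CONNECTED state")
        with open(replica_path, "rb") as src, open(target_path, "r+b") as dst:
            src.seek(self.offset)
            dst.seek(self.offset)
            while chunk := src.read(chunk_size):
                if fail_at is not None and self.offset >= fail_at:
                    raise ConnectionError("simulated interruption")
                dst.write(chunk)
                dst.flush()
                os.fsync(dst.fileno())  # data reaches disk before the offset claims it
                self.offset += len(chunk)
                self._persist()
        self.transition(ReplState.DISCONNECTED)
        return self.offset


def demo():
    """Constructed run: 20 KiB replica, link drop after 10 KiB, resume in a new job."""
    work = tempfile.mkdtemp()
    replica, target = os.path.join(work, "replica.img"), os.path.join(work, "disk.img")
    state = os.path.join(work, "job.json")
    with open(replica, "wb") as f:
        f.write(os.urandom(20 * 1024))  # constructed sample data
    open(target, "wb").close()
    job = ReplicationJob(state)
    for s in (ReplState.NOT_DISCOVERED, ReplState.VALIDATING, ReplState.AVAILABLE,
              ReplState.READY_TO_CONNECT, ReplState.CONNECTED):
        job.transition(s)
    try:
        job.replicate(replica, target, fail_at=10 * 1024)
    except ConnectionError:
        pass
    offset_after_drop = job.offset
    # A fresh process reloads the file, detects the dead transfer and resumes.
    resumed = ReplicationJob(state)
    if not resumed.interrupted(os.path.getsize(replica)):
        raise RuntimeError("interruption not detected")
    final = resumed.replicate(replica, target)
    return {"offset_after_drop": offset_after_drop, "final_offset": final,
            "identical": filecmp.cmp(replica, target, shallow=False),
            "state": resumed.state.value}
```

Two design points matter for a resumable restore: the offset is only advanced after the chunk has been fsynced, so the checkpoint never claims more data than is on disk, and the state file is replaced atomically, so the managing module reads either the old or the new checkpoint and never a partial one.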

Claim 8

Original Legal Text

8. The computer-implemented method of claim 1 , wherein exposing the data storage device associated with the protected computing device to the data replication device comprises exposing the data storage device associated with the protected computing device to the data replication device via an Internet Small Computer Systems Interface (iSCSI).

Plain English Translation

This invention relates to data replication systems, specifically methods for securely exposing a protected computing device's data storage to a data replication device. The problem addressed is the need for secure and efficient data replication between devices, particularly in environments where direct access to the protected device's storage is restricted. The solution involves using the Internet Small Computer Systems Interface (iSCSI) protocol to facilitate this exposure. iSCSI is a standard protocol that allows block-level data storage access over a network, enabling the replication device to interact with the protected device's storage as if it were locally attached. The method ensures that data replication can occur without compromising the security of the protected device: iSCSI supports authentication between initiator and target, and the transfer itself runs over the secure data connection required by claim 1, since iSCSI on its own does not encrypt traffic. This approach is particularly useful in scenarios where the protected device is part of a high-security environment, such as a data center or enterprise network, where direct storage access is restricted but replication is still required for backup, disaster recovery, or data synchronization purposes. The use of iSCSI ensures compatibility with existing storage systems and networks, making the solution scalable and adaptable to various infrastructure setups.

Claim 9

Original Legal Text

9. The computer-implemented method of claim 1 , wherein obtaining the PXE from the PXE server comprises determining that the protected computing device is included in a list of pre-approved protected computing devices.

Plain English Translation

A method for securely managing computing devices in a network environment involves verifying the identity of a protected computing device before allowing it to access a Preboot Execution Environment (PXE) server. The method addresses the problem of unauthorized devices attempting to access network resources by ensuring only pre-approved devices can initiate the PXE boot process. When a protected computing device requests access to the PXE server, the system checks whether the device is listed in a predefined set of authorized devices. If the device is confirmed as pre-approved, access is granted, enabling the device to proceed with the PXE boot sequence. This verification step prevents unauthorized devices from exploiting the PXE server, enhancing network security by restricting access to trusted devices only. The method integrates with existing PXE infrastructure, ensuring compatibility while adding an additional layer of security. The pre-approval list can be dynamically updated to accommodate new devices or revoke access for compromised or decommissioned devices, maintaining robust security controls. This approach is particularly useful in enterprise environments where strict access control is required to protect sensitive network resources.
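The two gates described for claim 9 and claim 3, together with the public-key check of claim 5, as an added example that is not the patent's code: the PXE server checks the requesting device against a pre-approved list before serving a boot environment, and the bootable replication environment validates the configuration parameters for the data replication device before exposing any storage. The claims do not say how devices are identified or which parameters are carried, so keying the allowlist by MAC address, the parameter names `host`, `port` and `pubkey_sha256`, and pinning the replication device by a SHA-256 fingerprint of its public key are assumptions; every value below is constructed.

```python
import hmac
import ipaddress
import re

# Constructed allowlist of protected devices permitted to receive the boot
# environment, keyed by MAC address (assumed identifier; the claim only says
# "list of pre-approved protected computing devices").
PRE_APPROVED = {
    "52:54:00:aa:bb:01": "db-server-01",
    "52:54:00:aa:bb:02": "file-server-02",
}

# Constructed expected values for the data replication device; the bootable
# replication environment compares the PXE-delivered parameters against these.
EXPECTED = {
    "host": "10.0.20.5",
    "port": 3260,                               # iSCSI default target port
    "pubkey_sha256": "0123456789abcdef" * 4,    # placeholder key fingerprint
}

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")
HEX64_RE = re.compile(r"^[0-9a-f]{64}$")


def approved_device(mac):
    """PXE-server side (claim 9): name of the pre-approved device, or None."""
    mac = mac.strip().lower()
    if not MAC_RE.match(mac):
        return None
    return PRE_APPROVED.get(mac)


def validate_parameters(params, expected=EXPECTED):
    """Bootable-environment side (claims 3 and 5): list of problems, empty if OK."""
    missing = {"host", "port", "pubkey_sha256"} - set(params)
    if missing:
        return [f"missing parameters: {sorted(missing)}"]
    problems = []
    try:
        host = str(ipaddress.ip_address(params["host"]))
    except ValueError:
        problems.append("host is not an IP address")
    else:
        if host != expected["host"]:
            problems.append("host does not match the expected replication device")
    port = params["port"]
    if not isinstance(port, int) or not 1 <= port <= 65535 or port != expected["port"]:
        problems.append("port invalid or unexpected")
    fp = str(params["pubkey_sha256"]).lower()
    # Constant-time comparison of the pinned public-key fingerprint.
    if not HEX64_RE.match(fp) or not hmac.compare_digest(fp, expected["pubkey_sha256"]):
        problems.append("public key fingerprint mismatch")
    return problems


def expose_storage_decision(mac, params):
    """Both gates in order: no PXE for unknown devices, no exposure on bad parameters."""
    name = approved_device(mac)
    if name is None:
        return {"expose": False, "reason": "device not pre-approved"}
    problems = validate_parameters(params)
    if problems:
        return {"expose": False, "reason": "; ".join(problems)}
    return {"expose": True, "device": name}
```

Both checks fail closed: a device that is absent from the list, or a parameter set with a wrong host, port or key fingerprint, leaves the storage unexposed, and the reasons are returned so the managing module can record them before moving the job to the error state.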

Claim 10

Original Legal Text

10. The computer-implemented method of claim 1 , wherein the protected computing device comprises a physical computing device.

Plain English Translation

Claim 10 narrows the method of claim 1 to the case where the protected computing device is a physical machine, such as a server or workstation with its own directly attached storage. The recovery flow is otherwise unchanged: the physical device is network-booted into the bootable replication environment obtained from the PXE server, its local data storage device is exposed to the data replication device over the secure data connection, and the maintained replica is written back to that storage, with the state information used to resume if the transfer is interrupted. This covers the bare-metal recovery scenario in which the device's installed operating system is unavailable and cannot itself be used to restore the data.

Claim 11

Original Legal Text

11. The computer-implemented method of claim 1 , wherein the protected computing device comprises a virtual computing device.

Plain English Translation

Claim 11 narrows the method of claim 1 to the case where the protected computing device is a virtual machine. The same flow applies: the virtual machine is network-booted into the bootable replication environment obtained from the PXE server, its virtual disk is the data storage device exposed to the data replication device over the secure data connection, and the maintained replica is written back to that disk, with the state information used to resume after an interruption. This lets a single replication solution recover both virtualized and physical environments without a separate restore path for each.

Claim 12

Original Legal Text

12. The computer-implemented method of claim 1 , wherein the data replication device hosts the PXE server.

Plain English Translation

A system and method for data replication in a computing environment involves a data replication device that hosts a Preboot Execution Environment (PXE) server. The PXE server is used to facilitate network booting of client devices, allowing them to load an operating system or other software over a network. The data replication device, which may include storage and processing capabilities, replicates data across multiple systems to ensure redundancy and availability. By integrating the PXE server functionality into the data replication device, the system streamlines network boot operations, reduces hardware requirements, and centralizes management. This approach is particularly useful in enterprise environments where multiple client devices need to be booted or reconfigured remotely, ensuring consistent and reliable access to necessary software and data. The system may also include features for monitoring replication status, managing boot configurations, and handling failover scenarios to maintain high availability. The integration of PXE server capabilities with data replication enhances efficiency and reduces complexity in networked computing environments.

Claim 13

Original Legal Text

13. A system for recovery of computing environments via a replication solution, the system comprising: a maintaining module, stored in memory, that dynamically maintains a replica of data associated with a protected computing device via a data replication device; an obtaining module, stored in memory, that obtains, from a preboot execution environment (PXE) server, a PXE comprising a bootable replication environment for the protected computing device; a directing module, stored in memory, that directs the protected computing device to boot using the bootable replication environment; an exposing module, stored in memory, that exposes at least one data storage device associated with the protected computing device to the data replication device via a secure data connection; a replicating module, stored in memory, that replicates the replica of data associated with the protected computing device to the data storage device associated with the protected computing device via the bootable replication environment and the secure data connection; a managing module, stored in memory, that: maintains state information, the state information associated with replicating the replica of data associated with the protected computing device; detects an interruption in replicating the replica of data associated with the protected computing device; and resumes, based on the state information, replicating the replica of data associated with the protected computing device; and at least one physical processor that executes the maintaining module, the obtaining module, the directing module, the exposing module, the replicating module, and the managing module.

Plain English Translation

The system recovers computing environments using a data replication solution. It addresses the challenge of restoring protected computing devices by maintaining a dynamic replica of their data through a dedicated replication device. The system includes modules that obtain a bootable replication environment from a PXE server, direct the protected device to boot using this environment, and expose its storage devices to the replication device via a secure connection. Data replication occurs through the bootable environment, ensuring the protected device's storage is restored with the replicated data. A managing module tracks replication state, detects interruptions, and resumes the process based on saved state information, ensuring continuity even if the replication is disrupted. The system operates through a physical processor executing these modules, providing a robust recovery mechanism for computing environments. This approach minimizes downtime and data loss by leveraging preboot environments and secure replication pathways.

Claim 14

Original Legal Text

14. The system of claim 13 , wherein: the system further comprises a hosting module, stored in memory, that: hosts, via the bootable replication environment, a hypertext transfer protocol (HTTP) server configured to receive representational state transfer (REST) directives; and receives, via the HTTP server, a REST directive comprising a secure reboot command; the physical processor further executes the hosting module; and the directing module further directs, in response to the hosting module receiving the secure reboot command via the HTTP server, the protected computing device to boot into a bootable operating environment of the protected computing device.

Plain English Translation

This invention relates to secure computing systems that enable remote management and reboot operations. The system includes a protected computing device with a physical processor and memory, where the memory stores a directing module and a hosting module. The directing module controls the boot process of the protected computing device, ensuring it boots into a secure, isolated environment. The hosting module operates within this environment and includes an HTTP server that accepts REST (Representational State Transfer) directives. The HTTP server is configured to receive and process secure reboot commands sent via REST APIs. When the hosting module receives a secure reboot command through the HTTP server, the directing module responds by directing the protected computing device to boot into its bootable operating environment. This allows for remote, secure management of the computing device, ensuring that reboot operations are performed in a controlled and authenticated manner. The system enhances security by isolating the reboot process within a trusted environment, preventing unauthorized access or tampering during the boot sequence.

Claim 15

Original Legal Text

15. The system of claim 13 , wherein: the PXE further comprises a set of configuration parameters associated with the data replication device; and the exposing module exposes the data storage device associated with the protected computing device to the data replication device by validating the set of configuration parameters.

Plain English Translation

This invention relates to data replication systems, specifically improving secure access control between a protected computing device and a data replication device. The system addresses the challenge of ensuring that only authorized replication devices can access and replicate data from protected systems, preventing unauthorized data exposure or tampering. In this claim the Preboot Execution Environment (PXE) obtained from the PXE server carries, in addition to the bootable replication environment, a set of configuration parameters associated with the data replication device. Before the exposing module exposes the protected device's storage to the replication device, it validates these parameters; only a replication device whose parameters pass validation is given access to the storage. The configuration parameters may include device identifiers, authentication credentials, or specific replication protocols, allowing fine-grained control over access. By integrating this validation step, the system enhances security while maintaining the efficiency of data replication processes. This approach is particularly useful in environments where data integrity and confidentiality are critical, such as enterprise networks or cloud computing infrastructures. The invention improves upon prior systems by adding an additional layer of security through parameter-based validation before exposing storage devices to replication devices.

Claim 16

Original Legal Text

16. The system of claim 13 , wherein: the bootable replication environment comprises authentication information associated with the data replication device; and the exposing module exposes the data storage device associated with the protected computing device to the data replication device by establishing the secure data connection between the protected computing device and the data replication device the using the authentication information associated with the data replication device.

Plain English Translation

This invention relates to secure data replication systems, specifically for establishing authenticated connections between a protected computing device and a data replication device. The system addresses the challenge of securely exposing a protected computing device's data storage to a replication device while ensuring only authorized access. The bootable replication environment includes authentication credentials linked to the data replication device. When initiating replication, the system exposes the protected device's storage by establishing a secure data connection using these credentials. This ensures that only the authenticated replication device can access the protected data, preventing unauthorized replication or data breaches. The system may also include modules for managing replication tasks, such as scheduling, monitoring, and verifying data integrity during the replication process. The secure connection is established dynamically, allowing the protected device to remain operational while replication occurs, minimizing downtime. The invention improves data security by enforcing strict authentication before exposing sensitive storage, reducing risks associated with unauthorized access during replication.

Claim 17

Original Legal Text

17. The system of claim 13 , wherein: the state information is further associated with exposing the data storage device associated with the protected computing device to the data replication device; the managing module further: detects an interruption in exposing the data storage device associated with the protected computing device to the data replication device; and directs, based on the state information, the exposing module to resume exposing the data storage device associated with the protected computing device to the data replication device.

Plain English Translation

A system for managing data replication between a protected computing device and a data replication device includes a managing module that tracks state information related to the exposure of the protected device's data storage to the replication device. The system ensures continuous data

Claim 18

Original Legal Text

18. The system of claim 13 , wherein the obtaining module obtains the PXE from the PXE server by determining that the protected computing device is in a list of pre-approved protected computing devices.

Plain English Translation

A system for secure network booting involves a protected computing device that obtains a Preboot Execution Environment (PXE) from a PXE server. The system includes a module that retrieves the PXE by verifying that the protected computing device is listed in a pre-approved registry of authorized devices. This verification ensures that only trusted devices can access the PXE server, enhancing network security by preventing unauthorized booting. The system may also include additional modules for managing network connections, authenticating devices, and enforcing security policies during the boot process. The protected computing device may be a server, workstation, or embedded system requiring secure initialization. The pre-approved list is maintained by an administrator or automated policy engine to dynamically update authorized devices. This approach mitigates risks such as unauthorized access, boot attacks, and network compromise by restricting PXE access to verified devices. The system may integrate with existing network infrastructure, including DHCP and TFTP servers, to facilitate secure boot operations.

Claim 19

Original Legal Text

19. The system of claim 13 , wherein the protected computing device comprises at least one of: a physical computing device; and a virtual computing device.

Plain English Translation

Claim 19 states only that the protected computing device of claim 13 may be a physical computing device, a virtual computing device, or both; it adds no access-control, monitoring or encryption features, and nothing in the claim concerns unauthorized access or data breaches. The practical consequence for the recovery flow is that the same steps apply in both cases: for a physical host the data storage device exposed to the data replication device is the local disk or LUN and the PXE boot comes over the physical NIC, whereas for a virtual machine it is a virtual disk and the PXE boot is delivered through the hypervisor's virtual network.

Claim 20

Original Legal Text

20. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to: dynamically maintain a replica of data associated with a protected computing device via a data replication device; obtain, from a preboot execution environment (PXE) server, a PXE comprising a bootable replication environment for the protected computing device; direct the protected computing device to boot using the bootable replication environment; expose at least one data storage device associated with the protected computing device to the data replication device via a secure data connection; replicate the replica of data associated with the protected computing device to the data storage device associated with the protected computing device via the bootable replication environment and the secure data connection; maintains state information, the state information associated with replicating the replica of data associated with the protected computing device; detects an interruption in replicating the replica of data associated with the protected computing device; and resumes, based on the state information, replicating the replica of data associated with the protected computing device.

Plain English Translation

Claim 20 restates the method of claim 1 as a non-transitory computer-readable medium whose instructions carry out the same steps. A replica of the protected device's data is maintained dynamically on a data replication device. When recovery is needed, a PXE containing a bootable replication environment is obtained from a PXE server and the protected device is directed to boot from it, so the recovery runs independently of the device's own operating system, which may be unavailable or unbootable. The protected device's data storage device is then exposed to the replication device over a secure data connection, and the replica is written back to that storage through the bootable environment and the secure connection. State information about the replication is maintained throughout; if an interruption is detected, replication resumes from that state rather than starting over, which bounds the work lost to a dropped connection or a reboot during recovery.
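The following Python is an illustration added here of the checkpoint-and-resume behaviour recited in claims 17 and 20 and of the pre-approved-device gate in claim 18; it is not code from the patent, its inventors or any assignee, and the claims do not specify any of these data structures. It assumes an in-memory byte string standing in for the replica, a bytearray standing in for the exposed data storage device, a dict standing in for the persisted state store, a deliberately raised exception standing in for a dropped secure data connection, and a MAC-address allowlist as the pre-approved list. The one check worth copying is the resume path: before trusting the checkpointed offset, the already-written region of the target is re-hashed against per-chunk digests recorded in the state, so a torn write or corrupted target is detected instead of silently resumed past.

```python
"""Resumable block replication with a persisted checkpoint (added illustration)."""
import hashlib
import json
from dataclasses import asdict, dataclass, field

CHUNK_SIZE = 4096  # assumed transfer unit; the claims specify none


class ReplicationInterrupted(Exception):
    """The secure data connection dropped mid-transfer (simulated below)."""

    def __init__(self, offset: int, chunks_written: int):
        super().__init__(f"link dropped at offset {offset}")
        self.chunks_written = chunks_written


@dataclass
class ReplicationState:
    """Checkpoint committed after every chunk: how far we got, plus a digest
    per written chunk so a resume can prove the target still holds that data."""
    total_size: int
    next_offset: int = 0
    chunk_digests: list = field(default_factory=list)

    def dump(self) -> str:
        return json.dumps(asdict(self))

    @classmethod
    def load(cls, raw: str) -> "ReplicationState":
        return cls(**json.loads(raw))


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def device_is_pre_approved(device_id: str, allowlist) -> bool:
    """Claim 18 style gate: serve the replication environment only to devices
    on the pre-approved list. MACs are normalised so 'AA-BB-..' == 'aa:bb:..'."""
    def norm(s: str) -> str:
        return s.strip().lower().replace("-", ":")
    return norm(device_id) in {norm(a) for a in allowlist}


def verify_prefix(target: bytearray, state: ReplicationState) -> bool:
    """Re-hash the region the checkpoint claims is written and compare it with
    the recorded digests; a mismatch means state and storage diverged."""
    for i, digest in enumerate(state.chunk_digests):
        start = i * CHUNK_SIZE
        end = min(start + CHUNK_SIZE, state.total_size)
        if sha256(bytes(target[start:end])) != digest:
            return False
    return True


def replicate(source: bytes, target: bytearray, state_store: dict,
              fail_after_chunks=None) -> int:
    """Copy source -> target chunk by chunk, committing the checkpoint to
    state_store after each chunk (data first, then state). fail_after_chunks
    simulates the link dropping in this run. Returns chunks written this run."""
    if "state" in state_store:
        state = ReplicationState.load(state_store["state"])
        if not verify_prefix(target, state):
            raise RuntimeError("checkpoint does not match target; restart from zero")
    else:
        state = ReplicationState(total_size=len(source))
    written = 0
    while state.next_offset < state.total_size:
        if fail_after_chunks is not None and written >= fail_after_chunks:
            raise ReplicationInterrupted(state.next_offset, written)
        chunk = source[state.next_offset:state.next_offset + CHUNK_SIZE]
        target[state.next_offset:state.next_offset + len(chunk)] = chunk
        state.next_offset += len(chunk)
        state.chunk_digests.append(sha256(chunk))
        state_store["state"] = state.dump()  # checkpoint only after the write
        written += 1
    return written


def recover(source: bytes, target: bytearray, state_store: dict,
            failures: list, max_attempts: int = 5) -> dict:
    """Drive replication to completion across interruptions. `failures` gives,
    per attempt, after how many chunks the link drops (absent = no drop)."""
    runs = []
    for attempt in range(max_attempts):
        fail_after = failures[attempt] if attempt < len(failures) else None
        try:
            runs.append(replicate(source, target, state_store, fail_after))
            break
        except ReplicationInterrupted as exc:
            runs.append(exc.chunks_written)
    return {"runs": runs, "attempts": len(runs), "complete": bytes(target) == source}


def make_source() -> bytes:
    # Constructed input: a deterministic 20,000-byte "disk image"
    # (4 full chunks plus a 3,616-byte tail).
    return hashlib.sha256(b"seed").digest() * 625


def demo() -> dict:
    """Two drops (after 2 chunks, then after 1 more) and a final clean run."""
    source = make_source()
    return recover(source, bytearray(len(source)), {}, failures=[2, 1])


def demo_divergence() -> bool:
    """Corrupt the target behind the checkpoint; the resume must refuse."""
    source, target, store = make_source(), bytearray(20000), {}
    try:
        replicate(source, target, store, fail_after_chunks=2)
    except ReplicationInterrupted:
        pass
    target[100] ^= 0xFF  # simulated torn write in already-checkpointed data
    try:
        replicate(source, target, store)
        return False
    except RuntimeError:
        return True


if __name__ == "__main__":
    print(demo(), demo_divergence())
```

Ordering matters in `replicate`: the chunk is written to the target before the checkpoint is committed, so a crash between the two leaves at most one chunk to be re-copied and never a checkpoint that points past data which was not written. In a real recovery environment the state store would be durable storage the replication device controls, the prefix check would run against the exposed block device, and the digests would be recorded from the replica, not recomputed from whatever landed on the target.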

Patent Metadata

Filing Date

Unknown

Publication Date

August 11, 2020

Inventors

Rushikesh Patil
Sunil Hasbe


Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, FAQs, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “SYSTEMS AND METHODS FOR RECOVERY OF COMPUTING ENVIRONMENTS VIA A REPLICATION SOLUTION” (10740021). https://patentable.app/patents/10740021

© 2026 Nomic Interactive Technology LLC.